CVE-2023-50765
published 2023-12-13CVE-2023-50765: A missing permission check in Jenkins Scriptler Plugin 342.v6a_89fd40f466 and earlier allows attackers with Overall/Read permission to read the contents of a…
PriorityP420medium4.3CVSS 3.1
AVNACLPRLUINSUCLINAN
EPSS
0.45%
36.2th percentile
A missing permission check in Jenkins Scriptler Plugin 342.v6a_89fd40f466 and earlier allows attackers with Overall/Read permission to read the contents of a Groovy script by knowing its ID.
Affected
10 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| jenkins | deployment_dashboard_plugin | — | — |
| jenkins | dingding_json_pusher_plugin | — | — |
| jenkins | htmlresource_plugin | — | — |
| jenkins | nexus_platform_plugin | — | — |
| jenkins | openid_connect_authentication_plugin | — | — |
| jenkins | paaslane_estimate_plugin | — | — |
| jenkins | scriptler | <= 342.v6a_89fd40f466 | — |
| jenkins | scriptler_plugin | — | — |
| jenkins | synopsys_rapid_scan_static_is_the_only_plugin | — | — |
| jenkins_project | jenkins_scriptler_plugin | <= 342.v6a_89fd40f466 | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
Missing permission check in Jenkins Scriptler Plugin
ghsa·2023-12-13
CVE-2023-50765 [MEDIUM] CWE-862 Missing permission check in Jenkins Scriptler Plugin
Missing permission check in Jenkins Scriptler Plugin
A missing permission check in Jenkins Scriptler Plugin 342.v6a_89fd40f466 and earlier allows attackers with Overall/Read permission to read the contents of a Groovy script by knowing its ID.
OSV
Missing permission check in Jenkins Scriptler Plugin
osv·2023-12-13
CVE-2023-50765 [MEDIUM] Missing permission check in Jenkins Scriptler Plugin
Missing permission check in Jenkins Scriptler Plugin
A missing permission check in Jenkins Scriptler Plugin 342.v6a_89fd40f466 and earlier allows attackers with Overall/Read permission to read the contents of a Groovy script by knowing its ID.
Jenkins
Jenkins Security Advisory 2023-12-13
vendor_jenkins·2023-12-13·CVSS 7.5
CVE-2023-5072 [HIGH] Jenkins Security Advisory 2023-12-13
Title: Jenkins Security Advisory 2023-12-13
Jenkins Security Advisory 2023-12-13
Jenkins Security Home
For Administrators
Overview
Terminology
Vulnerabilities and Scoring
Security Advisories
Security Issues
Advisory Schedule
Vulnerabilities in Plugins
How We Fix Security Issues
For Reporters
Reporting Vulnerabilities
Jenkins CNA
For Maintainers
Overview
Vulnerabilities in Plugins
Jenkins Security Team
About
Contributions
This advisory announces vulnerabilities in the following Jenkins deliverables:
Analysis Model API
Plugin
Deployment Dashboard
Plugin
Dingding JSON Pusher
Plugin
HTMLResource
Plugin
Nexus Platform
Plugin
OpenId Connect Authentication
Plugin
PaaSL
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2023-12-13
Published